The Unique Identification Authority of India, which manages the Centre’s Aadhaar system, said on Thursday that The Tribune had misreported an article about a breach of biometric data. It said there had not been any Aadhaar data breach, and the “information is fully safe and secure”.

In a rebuttal to the UIDAI’s accusation, The Tribune stood by its report, and said the Aadhaar authority, in its response, had in fact admitted to the “misuse” of biometric data.

In a report titled “Rs 500, 10 minutes, and you have access to billion Aadhaar details” published on Wednesday, the newspaper claimed to have bought “a service being offered by anonymous sellers over WhatsApp” for “unrestricted access” to details of the more than 1 billion Aadhaar holders.

“It took just Rs 500, paid through Paytm, and 10 minutes in which an ‘agent’ of the group running the racket created a ‘gateway’ for this correspondent and gave a login ID and password,” The Tribune reported, adding that merely entering the 12-digit number in the portal brought forth all Aadhaar details submitted to the UIDAI.

With another Rs 300, the report claimed, the agent provided a software that allowed an Aadhaar card to be printed after entering the number.

Officials of the Aadhaar authority in Chandigarh informed technical consultants of the UIDAI in Bengaluru after The Tribune said it got in touch with them. “Anyone else having access is illegal and is a major national security breach,” Sanjay Jindal, additional director-general of the UIDAI’s Chandigarh centre, told the newspaper.

The Tribune said investigations found that the scam may have begun around six months ago and involves village-level enterprise operators hired by the Ministry of Electronics and Information Technology.

UIDAI’s response

In its response, the UIDAI said it had given the search tool to designated officials for the purpose of grievance redressal, and it maintained a log of every time it was used. It said the case reported by The Tribune seemed to be one of “misuse” of this facility, and that it would take legal action against those found involved and file an FIR as well.

“UIDAI reassures that there has not been any breach of biometric database, which remains fully safe and secure with the highest encryption, and mere display of demographic information cannot be misused without biometrics,” it said.

“Also, mere availability of an Aadhaar number will not be a security threat nor will it lead to financial/other fraud, as for successful authentication, fingerprint or iris of individual is also required,” the authority said. “Claims of bypassing or duping the Aadhaar enrolment system are totally unfounded.”

The Tribune’s rebuttal

After the Aadhaar authority’s response, The Tribune said the UIDAI’s promise that it would file a case against any breach of data was “an admission of something being amiss”.

“UIDAI has admitted that a facility on their website has been ‘misused’,” the newspaper wrote. “The fact is that it has been ‘misused’ to steal data...at will, for any Aadhaar number... Also, the tracking system obviously never realised that unauthorised people were accessing the data. And if FIRs are being contemplated, is that not an admission of something being amiss?”